Remove PermissionBackend#user(Provider<CurrentUser>)

Checking permissions of users that aren't the caller on the current request can have implications on the security of the system. The most prominent one is creating a group-oracle. To limit the cases where we could potentially expose Gerrit to these threats, PermissionBackend removes the method that was operating solely on the provider of the current user. Change-Id: I601ea1200a15a5f262ca0770b23cc1c7bee126b1
2018-02-20 12:19:33 +01:00
parent 659ea71969
commit 4bdef6c030
78 changed files with 124 additions and 245 deletions
--- a/java/com/google/gerrit/server/restapi/change/PostReviewers.java
+++ b/java/com/google/gerrit/server/restapi/change/PostReviewers.java
@@ -360,7 +360,7 @@ public class PostReviewers
      ListMultimap<RecipientType, Account.Id> accountsToNotify)
      throws PermissionBackendException {
    if (!permissionBackend
-        .user(anonymousProvider)
+        .user(anonymousProvider.get())
        .change(rsrc.getNotes())
        .database(dbProvider)
        .test(ChangePermission.READ)) {